4 matches found
CVE-2025-27847
In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are not revoked on logout...
CVE-2025-27846
In ESPEC North America Web Controller 3 before 3.3.8, an attacker with physical access can gain elevated privileges because GRUB and the BIOS are unprotected...
CVE-2025-27847
In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are not revoked on logout...
LetoDMS Cross-Site Request Forgery Vulnerability
LetoDMS is a document management system based on PHP+MySQL development. A cross-site request forgery vulnerability exists in LetoDMS versions prior to 3.3.8, which can be exploited by remote attackers to hijack a victim's authentication...